构建新的jenkins镜像
docker pull jenkins/jenkins:2.190.3
mkdir -p /data/dockerfile/jenkins && cd /data/dockerfile/jenkins
vim dockerfile
FROM jenkins/jenkins:2.190.3
USER root
ADD id_rsa /root/.ssh/id_rsa
ADD config.json /root/.docker/config.json #把200 的/root/.docker/config.json cp 到Jenkins容器里面。
ADD get-docker.sh /get-docker.sh
RUN echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config &&
/get-docker.sh --mirror Aliyun &&
/bin/cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&
echo 'Asia/Shanghai' >/etc/timezone
ssh-keygen -t rsa -b 2048 -C "1xxx@qq.com" -N "" -f /root/.ssh/id_rsa #这个邮箱要用自己的,后面和gitee进行联动。
基于 jenkins/jenkins:2.190.3 构建一个新的Jenkins 镜像
dockerfile 说明:
设置容器内的时区
将ssh私钥加入到容器,后来从gitee 拉取代码会用到,配对的公钥应配置在gitlab中
加入了登录自建harbor仓库的config文件
在容器里安装docker客户端
[root@hdss7-200 jenkins]# ll
total 28
-rw------- 1 root root 151 May 4 21:48 config.json
-rw-r--r-- 1 root root 381 May 4 22:16 dockerfile
-rwxr-xr-x 1 root root 13328 May 4 21:34 get-docker.sh
-rw------- 1 root root 1679 May 4 21:38 id_rsa
[root@hdss7-200 jenkins]# pwd
/data/dockerfile/jenkins
# 构建镜像,时间比较长。
docker build . -t harbor.od.com/infra/jenkins:v2.190.3
构建好了后 运行该镜像 测试到gitee 的连接性:
docker run --rm harbor.od.com/infra/jenkins:v2.190.3 ssh -i /root/.ssh/id_rsa -T git@gitee.com
Warning: Permanently added 'gitee.com,212.64.62.174' (ECDSA) to the list of known hosts.
Hi xxx! You've successfully authenticated, but GITEE.COM does not provide shell access.
配置 nfs 共享
给Jenkins存储用的
# 在所有主机上: yum install nfs-utils -y #在7.200 上 vim /etc/exports /data/nfs-volume 10.4.7.0/24(rw,no_root_squash) mkdir -p /data/nfs-volume systemctl start nfs systemctl enable nfs
jenkins yaml 配置文件
docker pull jenkins/jenkins:2.190.3 #Jenkins 镜像
[root@hdss7-200 jenkins]# cat dp.yaml kind: Deployment apiVersion: extensions/v1beta1 metadata: name: jenkins namespace: infra labels: name: jenkins spec: replicas: 1 selector: matchLabels: name: jenkins template: metadata: labels: app: jenkins name: jenkins spec: volumes: - name: data nfs: server: hdss7-200 path: /data/nfs-volume/jenkins_home - name: docker hostPath: path: /run/docker.sock type: '' containers: - name: jenkins image: harbor.od.com/infra/jenkins:v2.190.3 imagePullPolicy: IfNotPresent ports: - containerPort: 8080 protocol: TCP env: - name: JAVA_OPTS value: -Xmx1024m -Xms1024m volumeMounts: - name: data mountPath: /var/jenkins_home - name: docker mountPath: /run/docker.sock imagePullSecrets: - name: harbor securityContext: runAsUser: 0 strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 maxSurge: 1 revisionHistoryLimit: 7 progressDeadlineSeconds: 600
=============================
spec:
volumes:
- name: data
nfs:
server: hdss7-200
path: /data/nfs-volume/jenkins_home
指定 远程的nfs server ip 和远程路径
=============================================
[root@hdss7-200 jenkins]# cat ingress.yaml
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: jenkins
namespace: infra
spec:
rules:
- host: jenkins.od.com
http:
paths:
- path: /
backend:
serviceName: jenkins
servicePort: 80
[root@hdss7-200 jenkins]# cat svc.yaml
kind: Service
apiVersion: v1
metadata:
name: jenkins
namespace: infra
spec:
type: NodePort
ports:
- protocol: TCP
port: 80
targetPort: 8080
nodePort: 22143
selector:
app: jenkins
然后 apply -f 这四个文件
初始化Jenkins
在 dns server 7.11 上 增加A 记录 jenkins A 10.4.7.10 浏览器访问 jenkins.od.com 初始化密码的位置 ,在nfs server 200 上。 jenkins_home]# cat /data/nfs-volume/jenkins_home/secrets/initialAdminPassword
安装blue-ocean 插件 ,后面 流水线构建时候回用到
配置jenkins 的安全策略,开启匿名访问
现在jenkins 部署好了,下面可以通过jenkins 结合 gitee 进行流水线构建微服务了, 下篇写。